The Microsoft Defender research group noted that the Zerobot malware has been updated: it now infects devices running Apache servers even more effectively and has also received a new set of functions for DDoS attacks.
The malware appeared in mid-November this year. Its "hallmark" was the ability to self-propagate across victims' networks.
According to Microsoft researchers, since the beginning of December the exploits for vulnerabilities in phpMyAdmin servers, Dasan GPON routers and D-Link DSL-2750B routers have been removed from Zerobot.
The old exploits were replaced by new ones, and the malware can now carry out ICMP, SYN, SYN-ACK, XMAS and UDP attacks with customizable packet payloads. In addition, Zerobot learned to attack seven new types of devices and software, including vulnerable Apache and Apache Spark servers.
A complete list of vulnerabilities used by Zerobot:
CVE-2017-17105: Zivif PR115-204-P-RS
CVE-2019-10655: Grandstream
CVE-2020-25223: Sophos SG UTM
CVE-2021-42013: Apache
CVE-2022-31137: Roxy-WI
CVE-2022-33891: Apache Spark